News

Opening your closed-circuit TV system

More and more people are demanding that their security systems can be controlled and managed from remote locations. This can be a great idea if it is done in the correct, or more importantly, the secure way.

The demand for real time information about CCTV, Access Control or even Fire Systems to be pushed to mobile devices is increasing all the time. The Internet of Things (IoT) is here to stay.

Technology moves fast, we know that. However, if we rewind 15 years and look at CCTV, for example, most systems being installed then were analogue. It was, of course, possible to hook a Digital Video Recorder (DVR) to a router and then into the web to allow remote access.

Let’s look at how this was done in a little bit more detail. The installer would place the analogue cameras to the customer’s requirements and connect the cameras to the new DVR. He would create a physical network connection between the network port of the DVR and a spare port on the network router or switch.

If the installer was sensible, the default user name and password would be changed and the customer would be shown what he or she needed to do with the system, such as view live images or playback. The customer would generally be restricted from access to configuration settings.

Early DVRs could not drive a secondary stream through the recorder so camera images with poor compression were pushed down the router and then to the internet. Broadband was in its infancy, connection speeds were slow and viewing images was pretty soul-destroying, sometimes impossible.

However, the connection from the remote location to the DVR was secure. The installer would open ports on the router or, even better, create a virtual private network to enable direct connection from the remote device to the DVR with password authentication – a secure point-to-point connection if you like.

But what if there was a need to cut out some of the engineers’ work, the part of the router configuration. If the customer didn’t know the password for the router, it took an age to get the information from the internet service provider (ISP), which might not even talk to the engineer?

It’s a familiar scenario, a scenario that CCTV manufacturers were aware of and decided to do something about. So, let’s fast forward to the present and have a look at what has been done to eliminate the requirements of port-forwarding through the customer’s router.

An engineer’s time is usually the most expensive part of an installation. Router configuration has always been difficult, not because engineers find it technically challenging but because routers, configurations passwords and user names are different.

If the CCTV system is piggy-backed on to the customer’s network system then usually the engineer will have the added challenge of dealing with the IT department and their queries about how much bandwidth the engineer is intending to use.

So, is easy network configuration, or cloud network configuration, the answer? This is where CCTV manufacturers put a server in place to eliminate the need for router configuration, tricky firewalls, user names and passwords. I have seen this easy setup in action and to be fair, it works.

Some manufacturers even provide a QR Code and, with a couple of clicks on a mobile device, the network video and HD Cameras are all available on the world-wide web. Everyone is happy.

So, what’s the downside?

Well, the IT department were happy previously because they did not receive instructions from their boss or the security engineer that there was a requirement to hook the CCTV system up to the network and then finally through the router to the outside world.

The IT concerns regarding bandwidth were therefore never discussed and now the security system is on the network hogging all the throughput. The network slows down and people start getting annoyed. Who is to blame? The IT department, obviously.

Security is a key part of any system. If we look back at how the engineer configured the router in the past to create a point-to-point secure network, yes it was time consuming, but it was secure. Is this new, easy network configuration secure? Honestly, I don’t know, but I do know that the router configuration method (done the right way) was.

I asked a well-known Chinese manufacturer at a recent security roadshow where the cloud-based server location was. He didn’t have an answer. I wanted to know where the security cameras were being relayed to before they ended up on the customer’s remote viewing devices. Who and where was the middle man, if you like?

Of course, manufacturers will say their servers are secure and that hacking is not an issue. I am not going to agree or disagree – I would just like to raise my concerns regarding the potential security risks.

Always use a trusted, reliable security company to configure your network security devices, preferably one with a network accreditation. When something is too good to be true, it usually is.